Identifying duplicate machines

by Mitch Tulloch [Published on 19 Dec. 2007 / Last Updated on 19 Dec. 2007]

How to find Windows installations that are exact copies of each other.

Sometimes when you get hired as an admin for a company, you find out the previous admin didn't do things quite right. For example, I heard about a guy who got hired at a company where they were experiencing various network connectivity issues that their previous admin had been unable to resolve such as machines unable to join or log on to a domain and so on. Eventually the new admin discovered that some of the machines on the network had been copied (i.e. cloned without sysprepping) and therefore had duplicate machine SIDs. The problem was to try and find out which machines they were. The solution he finally used was to use the getsid command from the Windows Server 2003 Support Tools and write a script that uses this command to compare the SID of a well-known account like Administrator on each machine. For example, the following shows that BOX22 and BOX44 are identical machines (same machine SID):

C:\>getsid \\BOX22 Administrator \\BOX44 Administrator
The SID for account BOX22 \Administrator matches account BOX44 \Administrator
The SID for account BOX22 \Administrator is S-1-5-21-2552189465-4149289120-1296836545-500
The SID for account BOX44 \Administrator is S-1-5-21-2552189465-4149289120-1296836545-500

Once identical machines have been identified like this, at least one of them (preferably both) need to be rebuilt from properly sysprepped images.

***

Mitch Tulloch is lead author for the Windows Vista Resource Kit from Microsoft Press, which is THE book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. Mitch is also the author of Introducing Windows Server 2008, the first book from Microsoft Press about the exciting new server platform. For more information on these and other books written by Mitch, see www.mtit.com.

See Also

Featured Links